1 hour 17 minutes
Well, welcome back. We've got some more learning objectives to go over for the next section that we're gonna dive into,
and we're gonna start off with looking at trust in devices,
trusting users, trusting the applications and trust in the traffic. And really, how we go about doing that.
All right. We're also gonna take a look at the golden image. Um, you know, what is that? You know, why is that important in a zero trust network or in the traditional network?
We'll also look at a unified extensible firmware interface or U f. I will touch on that briefly and how that could play a role in trust in our devices. And then, ah, well, will skim over something called F w nap and how that could serve as a really cool lab
or test or something that you could even spend up in your production environment.
Um, to give you trust for a network traffic. Thanks so much. Stay tuned.
Hello and welcome back. And if this is your first time joining Thanks for stopping by.
To trust or not to trust, I would like to focus the remainder of this discussion around how we verify entities on the network to play some level of trust and then so we could be productive.
Now, zero trust networks will focus on how to trust devices, users, applications and traffic through different systems and processes.
So we start by talking about how we can trust the device.
The best practice that many of you may be familiar with is the golden image.
It is always best to load a known good image into a device before placing it into production.
No performing this task allows us to have some trust
at the device
that the device is secure, so golden images normally have fully patched operating systems and fully packed software. We kind of understand
what to expect from that device when it's
brought on to someone's desk or when we provided to new employees. So device hygiene is important, and it gives us confidence that device can be validated without an issue.
Another big step we can take on trust and devices is secure boot
and we confined in the latest Microsoft Windows computer is something called unified Extensible Firmware Interface or you E F I.
So six your boot like you e f. I helped a combat against malware and malicious attacks, a device firmware level.
We talked about device certificates as another attribute to help us verify our devices.
Client base certificates signed by certificate authority helps to enable some level of trust for our devices.
You know another area that helps us place trust in the device is software configuration management.
Now being able to do this give this tight control and a record of all software changes
that are made to critical infrastructure on the network.
Now there are many other things that can be applied to devices that make trusting them more scalable.
So I encourage you to take a look at the supplemental material
that you will be shown later in the discussion on help You go deeper.
So let's move on to trusting users.
Trust in a user will always start off with a human element.
You know, we see this in the form of interviews, by phone and in person before any trust can really be established.
We wouldn't create an account for someone we only talk with by email and then afterwards send them a computer for them to log in for the first time in use.
It needs to be a little bit more personal.
I imagine if you had Children and they want to sleep over at a friend's house, you as a parent or guardian, would want to meet the parents and visit the home where your child would spend the night. Correct.
zero trust is not in favor of email. Only introductions to new employees.
The hiring manager and others in the interview process can help with a human based authentication that allows for the digital entity or identity to be created
now. Once created, storing that identity becomes really important.
So centralizing these accounts into a directory helps inform and trust.
So zero trust networks will want to storm or information outside of traditional information, such as user names, contact numbers and role in the organization. Right, so zero trust
will want the user location,
who they report to,
and maybe even the user's public key. If certificates are deployed for extra authentication, right?
So how do we authenticate identity?
Well, we have three ways to identify a user
something they know,
such as a password.
Something that they have
an example would be a token or keep Bob
and then something they are. An example would be a fingerprint
or your retina when you use biometrics for authentication.
And zero, Trust really prefers authenticating with one more than one of these methods, especially for highly critical systems. So pairing two of these methods together provides stronger security for user authentication.
An example would be, ah, user trying to authenticate to a workstation.
The users should have a password, something you know and a token, something you have for strong authentication.
Another example would be a user authenticating to a mobile device.
User could use a fingerprint,
something you are and a pass phrase something you know for access.
So when dealing with passwords, we could make it stronger by Flynn,
but also by using random password generators. Ah, lot of secret server password bolt products offer this feature now believe Microsoft's local account, password solution or lapse behaves this way as well. For local administrative accounts
now, and password should not be. You reused right. A lot of people have a tendency to use their corporate password to sign up for Facebook or late then, and that's not a good idea. It's a better idea to use different passwords for each account and manage them using a password manager
Now, if they are or professionally use, you know, work with your I T departments. Implement things like Single sign on will provide enterprise password management solutions for your employees.
So a lot of things we can do to make users earn our trust. So let's take a look at how we could trust applications.